EP1338938A1 - Protection against unauthorised execution of a program on an IC card - Google Patents

Protection against unauthorised execution of a program on an IC card Download PDF

Info

Publication number
EP1338938A1
EP1338938A1 EP02290449A EP02290449A EP1338938A1 EP 1338938 A1 EP1338938 A1 EP 1338938A1 EP 02290449 A EP02290449 A EP 02290449A EP 02290449 A EP02290449 A EP 02290449A EP 1338938 A1 EP1338938 A1 EP 1338938A1
Authority
EP
European Patent Office
Prior art keywords
application
token
remote server
portable object
lrs
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP02290449A
Other languages
German (de)
French (fr)
Inventor
Jean-Marc c/o Schlumberger Systèmes Lambert
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Axalto SA
Original Assignee
Schlumberger Systemes SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Schlumberger Systemes SA filed Critical Schlumberger Systemes SA
Priority to EP02290449A priority Critical patent/EP1338938A1/en
Priority to JP2003570228A priority patent/JP2006514788A/en
Priority to CNB038052741A priority patent/CN100345077C/en
Priority to EP03702922A priority patent/EP1483640A2/en
Priority to US10/505,599 priority patent/US20050091544A1/en
Priority to PCT/IB2003/000648 priority patent/WO2003071401A2/en
Priority to AU2003206039A priority patent/AU2003206039A1/en
Publication of EP1338938A1 publication Critical patent/EP1338938A1/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3552Downloading or loading of personalisation data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features
    • G06Q20/3576Multiple memory zones on card
    • G06Q20/35765Access rights to memory zones

Definitions

  • the invention concerns a method of controlling the use of an application provided on a portable object.
  • the portable object can be, for example, a Subscriber Identity Module ("SIM”), a smart card, a cell phone or any portable object capable of executing a program written in a computer language.
  • SIM Subscriber Identity Module
  • a method of controlling the use of an application capable of being run on a portable object is characterized in that the method comprises the following steps:
  • An application cannot run without the presence of a valid token.
  • the owner of the application can therefore control the use of the application, even if the application has been delivered via an open framework.
  • the invention thus allows, for example, pay-per-use applications, wherein a licence needs to be purchased in order to use the application in a certain fashion.
  • FIG. 1 shows a SIM card SIC associated with a cell phone MP.
  • the SIM card SIC and the cell phone MP are used by an end user.
  • the SIM card SIC associated with the cell phone MP are in relation with a licensing remote server LRS and an application remote server ARS.
  • the licensing remote server LRS and the application remote server ARS are in relation with the SIM card SIC associated to the cell phone MP through a bi-directional communication channel BCC.
  • This bi-directional communication channel BCC can be, for example, a Short Message Service (“SMS”), a General Packet Radio Service (“GPRS”), an Internet Protocol (“IP”), infrared or any other bi-directional communication channel.
  • SMS Short Message Service
  • GPRS General Packet Radio Service
  • IP Internet Protocol
  • the licensing remote server LRS and the application remote server ARS are in relation with respectively a first database DB1 and a second database DB2.
  • the first database DB1 comprises a plurality of data related to different users. For each user the database comprises, for example, the name N of the user, the phone number PN, an identification data IDDA related to an application which is on the cell phone MP associated with the SIM card SIC of the user.
  • the first database DB1 further comprises an encryption key EK, a status STA concerning an application used by the user and an area for storing a licence token TK.
  • the first database DB1 may also comprise any other elements concerning the user, the different applications he uses and the SIM card SIC associated with the mobile phone MP.
  • the licensing remote server LRS and the application remote server ARS communicate to the cell phone MP associated with the SIM card SIC via the bi-directional communication channel through a network interface NI.
  • the second database DB2 comprises a plurality of applications.
  • FIG.2 shows more details of the SIM card SIC.
  • the SIM card SIC comprises a processor PROC, an interface device I/O for the input or output of data and a data area DD comprising identification elements related to the SIM card SIC and its owner. These identification elements comprise, for example, the Integrated Circuit Card IDentification number ICCID and the name N of the user.
  • the SIM card SIC further comprises an operating system OS and an application interpreter I.
  • the application interpreter I is in relation with a plurality of application program interface APIs, for example, functions or classes.
  • the application interpreter I is also in relation with a plurality of applications A1, A2,.. AN to be executed. These applications A1, ... An can use the different applications program interface API through the application interpreter I.
  • the SIM card SIC also comprises a storage area SA, which can be accessed through the application program interface API. The access right to that storage area SA is managed by the operating system OS.
  • FIG. 3 illustrates the structure of an application A.
  • the application A comprises a code area CA and a data area DA.
  • the data area DA comprises data related to the application A and an area for storing at least one token TK.
  • the code area CA comprises code, in particular at least one specific token-validating program TVP.
  • the token TK is a data that has a specific value.
  • the value is, for example, related to an identification of the SIM card SIC, or to an identification of the application that can run on the SIM card SIC, or both identifications.
  • the value of the token TK can further be related to a certain type of licence.
  • the value of the token TK may be a function of, for example, the identification of the SIM card SIC, the identification of the application and the type of licence.
  • a token TK can therefore only be used on the specific SIM card SIC it is computed for.
  • the given application can be, for example, a weather forecast application.
  • the end user can then choose between three types of licence.
  • Three different token TK will thus be associated with this weather forecast application.
  • the application comprises different services, for example, a weather forecast service and a game service. For each service, different types of licence can be associated.
  • the SIM card SIC may comprise, for example, a specific token-validating program TVP for each token TK.
  • the SIM card SIC may comprise a unique token-validating program TVP that is capable of checking the validity of the three different token TK.
  • a token validating program TVP is advantageously stored in the code area CA of the application A.
  • a token TK is encrypted through an encrypting key. And the token TK can be decrypted only through a decrypting key.
  • FIG. 4 shows the different steps of the method according to the invention.
  • a starting step STAR an application loaded on the SIM card SIC is started.
  • the application verifies whether a token TK associated to the application is present or not.
  • the token TK may be stored, for example, in the data area DA of the application.
  • the token TK may be stored in a specific file F located on the SIM card SIC.
  • Such a file F may comprise a plurality of tokens TK.
  • each token may be stored in a different file.
  • a token TK is present, in a first validating step VAL1, the application verifies if the token TK is valid.
  • the application If the token TK is encrypted, the application first decrypts the token TK. Subsequently, the application checks the validity of the token TK by means of the corresponding token-validating program TVP.
  • the application comprises different services, for example, a weather forecast service and a game service.
  • the weather forecast service is paid by Mr. Nobody, for a time period ranging from a date T1 to a date T2.
  • the game service is paid by Mr. Nobody, for a time period ranging from a date T3 to a date T4.
  • These parameters (T1,T2,T3,T4,Mr. Nobody) are contained in the token TK.
  • the token-validating program TVP will extract these different parameters (T1,T2,T3,T4, Mr. Nobody) from the token TK.
  • the token-validating program TVP compares these parameters (T1,T2,T3,T4, M. Nobody) with, for example, the present time T and the identification elements stored in the data area DD.
  • the data area DD comprises identification elements related to the SIM card SIC and its owner. The application can thus check the validity of the token TK.
  • the application continues to run. If the present token TK is not valid, in an application-aborting step ABO1, the running of the application is aborted.
  • a licence request is sent to the licensing remote server LRS to require a token TK.
  • the licence request REQ can be made by a specific application different from the application to be run, by direct human interface request or by means of a specific file F comprising different tokens TK.
  • This file F can be located on the SIM card SIC.
  • the licence request includes the identification elements related to the SIM card SIC and its owner, which elements are comprised in the data area DD as shown in figure 2.
  • the licensing remote server LRS effects certain steps in response to the licence request:
  • the SIM card SIC receives the response comprising the token TK from the licensing remote server LRS.
  • the application checks the received token TK to know whether the token is valid or not.
  • the received token TK is decrypted by means of a decrypting key located on the SIM card SIC.
  • a token-validating program TVP checks whether the received token TK is valid or not.
  • the application can continue to run. If the received token TK is not valid, in a second application-aborting step ABO2 the running of the application is aborted.
  • the application to be run was already loaded on the SIM card SIC. But if the application to be run is not loaded on the SIM card SIC, the application can be downloaded from the second database DB2 of the application remote server ARS. The application remote server ARS then sends the requested application to the SIM card SIC.
  • the application remote server ARS can also send a request to the licensing remote server LRS for sending a token TK from the licensing remote server LRS to the SIM card SIC. The request can also be made from the SIM card SIC.
  • the application interpreter I can also be loaded from the application remote server ARS.
  • the application to be run can also be loaded from a specific card reader available, for example, at a sales outlet.
  • the licensing remote server LRS and the application remote server ARS can be a single remote server.
  • the applications were loaded on a SIM card associated with a cell phone MP. More generally the applications can be loaded on any portable object capable of running a program written in a computer language.
  • the computer language can be an object oriented language, in particular an object oriented language using an application interpreter. But the computer language can also be a compiled language.
  • the portable object can be, for example, a smart card, a cell phone, or a personal digital assistant PDA.
  • the token TK received from the licensing remote server LRS is located in the application and/or in the specific file F. But the token TK can be located elsewhere in the portable object SC.
  • a temporary licence token there can be a temporary licence token.
  • the token can furthermore contain configuration elements to activate or deactivate part of the application.
  • Billing can be done on the licensing remote server LRS.
  • the licensing scheme can be based on the database DB1.
  • asymmetrical keys are used to encrypt or decrypt the token TK, that is a private encrypting key and a public decrypting key have been used, but symmetrical keys can also be used.
  • an application can easily be delivered in an open framework.
  • a digital signature can be associated with the application, so as to allow authentication.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Stored Programmes (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

A method of controlling the use of an application. The application is capable of being executed on a portable object (SC. The method is characterized in that the method comprises the following steps:
  • a requesting step (REQ), in which a licence request is sent to a licensing remote server LRS ;
  • a sending step (SEN), in which the licensing remote server (LRS) sends a token TK to the portable object (SC);
  • a validating step (VAL2), in which the token (TK) is checked so as to determine whether the token is valid or not; and
  • if the token (TK) is not valid, in an application-aborting step (ABO2), the execution of the application is aborted.

Description

    FIELD OF THE INVENTION
  • The invention concerns a method of controlling the use of an application provided on a portable object. The portable object can be, for example, a Subscriber Identity Module ("SIM"), a smart card, a cell phone or any portable object capable of executing a program written in a computer language.
  • BACKGROUND OF THE INVENTION
  • Applications are generally preloaded on the portable object during a personalization step. Due to the lack of standards in the distribution scheme, it is difficult to get them onboard later on. These preloaded applications are specific to a particular portable object. During the personalization step, these applications must be checked on each portable object.
  • In the context of cards and mobile, the standardisation of the infrastructure leads to more openness. It is then possible to load an application on a portable object without control of its developer or owner.
  • SUMMARY OF THE INVENTION
  • It is an object of the invention to allow a better control of the use of an application capable of being executed on a portable object.
  • According to one aspect of the invention, a method of controlling the use of an application capable of being run on a portable object (SC), is characterized in that the method comprises the following steps:
    • a requesting step (REQ), in which a licence request is sent to a licensing remote server (LRS) ;
    • a sending step (SEN), in which the licensing remote server (LRS) sends a token (TK) to the portable object (SC);
    • a validating step (VAL2), in which the token (TK) is checked so as to determine whether the token is valid or not; and
    • if the token (TK) is not valid, in an application-aborting step (ABO2), the running of the application is aborted.
  • An application cannot run without the presence of a valid token. The owner of the application can therefore control the use of the application, even if the application has been delivered via an open framework. The invention thus allows, for example, pay-per-use applications, wherein a licence needs to be purchased in order to use the application in a certain fashion.
  • These and other aspects of the invention will be described in greater detail hereinafter with reference to drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
    • Figure 1 illustrates a system using the method according to the invention;
    • Figure 2 illustrates a structure of a portable object;
    • Figure 3 illustrates a structure of an application; and
    • Figure 4 illustrates the different steps of the method according to the invention.
    DETAILED DESCRIPTION
  • FIG. 1 shows a SIM card SIC associated with a cell phone MP. The SIM card SIC and the cell phone MP are used by an end user. The SIM card SIC associated with the cell phone MP are in relation with a licensing remote server LRS and an application remote server ARS. The licensing remote server LRS and the application remote server ARS are in relation with the SIM card SIC associated to the cell phone MP through a bi-directional communication channel BCC. This bi-directional communication channel BCC can be, for example, a Short Message Service ("SMS"), a General Packet Radio Service ("GPRS"), an Internet Protocol ("IP"), infrared or any other bi-directional communication channel.
  • The licensing remote server LRS and the application remote server ARS are in relation with respectively a first database DB1 and a second database DB2.
  • The first database DB1 comprises a plurality of data related to different users. For each user the database comprises, for example, the name N of the user, the phone number PN, an identification data IDDA related to an application which is on the cell phone MP associated with the SIM card SIC of the user. The first database DB1 further comprises an encryption key EK, a status STA concerning an application used by the user and an area for storing a licence token TK. The first database DB1 may also comprise any other elements concerning the user, the different applications he uses and the SIM card SIC associated with the mobile phone MP. The licensing remote server LRS and the application remote server ARS communicate to the cell phone MP associated with the SIM card SIC via the bi-directional communication channel through a network interface NI.
  • The second database DB2 comprises a plurality of applications.
  • FIG.2 shows more details of the SIM card SIC. The SIM card SIC comprises a processor PROC, an interface device I/O for the input or output of data and a data area DD comprising identification elements related to the SIM card SIC and its owner. These identification elements comprise, for example, the Integrated Circuit Card IDentification number ICCID and the name N of the user. The SIM card SIC further comprises an operating system OS and an application interpreter I. The application interpreter I is in relation with a plurality of application program interface APIs, for example, functions or classes. The application interpreter I is also in relation with a plurality of applications A1, A2,.. AN to be executed. These applications A1, ... An can use the different applications program interface API through the application interpreter I. The SIM card SIC also comprises a storage area SA, which can be accessed through the application program interface API. The access right to that storage area SA is managed by the operating system OS.
  • FIG. 3 illustrates the structure of an application A. The application A comprises a code area CA and a data area DA. The data area DA comprises data related to the application A and an area for storing at least one token TK. The code area CA comprises code, in particular at least one specific token-validating program TVP.
  • The token TK is a data that has a specific value. The value is, for example, related to an identification of the SIM card SIC, or to an identification of the application that can run on the SIM card SIC, or both identifications. The value of the token TK can further be related to a certain type of licence. Thus the value of the token TK may be a function of, for example, the identification of the SIM card SIC, the identification of the application and the type of licence.
  • A token TK can therefore only be used on the specific SIM card SIC it is computed for. Let it be assumed, for example, that for a given application there are 3 different licence types. For each licence type there is a different token TK. The given application can be, for example, a weather forecast application. For example, the end user can then choose between three types of licence. A first licence type offering a one-day forecast, a second licence type offering a three-day forecast and a third licence type offering a one-day forecast for a one-month period. Three different token TK will thus be associated with this weather forecast application. We can also imagine that the application comprises different services, for example, a weather forecast service and a game service. For each service, different types of licence can be associated.
  • For example, let it be assumed that for a given application A there are three different tokens TK. The SIM card SIC may comprise, for example, a specific token-validating program TVP for each token TK. Alternatively, the SIM card SIC may comprise a unique token-validating program TVP that is capable of checking the validity of the three different token TK. A token validating program TVP is advantageously stored in the code area CA of the application A.
  • Advantageously, a token TK is encrypted through an encrypting key. And the token TK can be decrypted only through a decrypting key.
  • FIG. 4 shows the different steps of the method according to the invention.
  • In a starting step STAR, an application loaded on the SIM card SIC is started. In a token-verifying step VER1, the application verifies whether a token TK associated to the application is present or not. The token TK may be stored, for example, in the data area DA of the application. Alternatively, the token TK may be stored in a specific file F located on the SIM card SIC. Such a file F may comprise a plurality of tokens TK. Alternatively, each token may be stored in a different file.
  • If a token TK is present, in a first validating step VAL1, the application verifies if the token TK is valid.
  • If the token TK is encrypted, the application first decrypts the token TK. Subsequently, the application checks the validity of the token TK by means of the corresponding token-validating program TVP.
  • Let it be assumed, for example, that the application comprises different services, for example, a weather forecast service and a game service. Let further suppose that the weather forecast service is paid by Mr. Nobody, for a time period ranging from a date T1 to a date T2. Let us further suppose that the game service is paid by Mr. Nobody, for a time period ranging from a date T3 to a date T4. These parameters (T1,T2,T3,T4,Mr. Nobody) are contained in the token TK. At a present time T, the token-validating program TVP will extract these different parameters (T1,T2,T3,T4, Mr. Nobody) from the token TK. The token-validating program TVP then compares these parameters (T1,T2,T3,T4, M. Nobody) with, for example, the present time T and the identification elements stored in the data area DD. The data area DD comprises identification elements related to the SIM card SIC and its owner. The application can thus check the validity of the token TK.
  • If the present token TK is valid, in a first continuing step CON1 the application continues to run. If the present token TK is not valid, in an application-aborting step ABO1, the running of the application is aborted.
  • If no token TK is present in the application, in a requesting step REQ, a licence request is sent to the licensing remote server LRS to require a token TK. The licence request REQ can be made by a specific application different from the application to be run, by direct human interface request or by means of a specific file F comprising different tokens TK. This file F can be located on the SIM card SIC. The licence request includes the identification elements related to the SIM card SIC and its owner, which elements are comprised in the data area DD as shown in figure 2.
  • The licensing remote server LRS effects certain steps in response to the licence request:
    • in a storing step STOR, the licensing remote server LRS stores the identification elements, which are included in the licence request, in the first database DB1;
    • in a licence-verifying step VER2, the licensing remote server LRS verifies that the user claiming for a licence is authorized to do so. This can be done, for example, by means of the user-related data included in the first database DB1 and the identification elements;
    • if the verification is not positive, the request procedure is aborted in a request-aborting step ABO. The licensing remote server LRS can then send a message for indicating that the procedure is aborted to the SIM card SIC;
    • if the verification is positive the licensing remote server LRS prepares the token TK in a preparing step PREP. For example, in this step the token TK is encrypted through the encryption key EK. The token TK can thus be decrypted only by using a decrypting key;
    • in a formatting step FOR, the licensing remote server LRS formats a response comprising the token TK;
    • in a sending step SEN, the licensing remote server LRS sends the response to the SIM card SIC for storage. The token included in the response is stored in the specific file F and/or in the data area DA of the current application being executed;
    • in a confirmation step GAT, the licensing remote server LRS receives an acknowledgement from the SIM card SIC that the response has been well-received;
    • in an updating step UPD, the licensing remote server LRS updates the first database DB1. The licence distribution shows the number of tokens TK having already been deployed and the type of these deployed tokens TK.
  • The SIM card SIC receives the response comprising the token TK from the licensing remote server LRS. In a validating step VAL2, the application checks the received token TK to know whether the token is valid or not. The received token TK is decrypted by means of a decrypting key located on the SIM card SIC. A token-validating program TVP checks whether the received token TK is valid or not.
  • If the received token TK is valid, in a second continuing step CON2, the application can continue to run. If the received token TK is not valid, in a second application-aborting step ABO2 the running of the application is aborted.
  • In the above mentioned mode of realization, the application to be run was already loaded on the SIM card SIC. But if the application to be run is not loaded on the SIM card SIC, the application can be downloaded from the second database DB2 of the application remote server ARS. The application remote server ARS then sends the requested application to the SIM card SIC. The application remote server ARS can also send a request to the licensing remote server LRS for sending a token TK from the licensing remote server LRS to the SIM card SIC. The request can also be made from the SIM card SIC.
  • The application interpreter I can also be loaded from the application remote server ARS.
  • In another mode of realization, the application to be run can also be loaded from a specific card reader available, for example, at a sales outlet.
  • In another mode of realization, the licensing remote server LRS and the application remote server ARS can be a single remote server.
  • In the particular mode of realization, the applications were loaded on a SIM card associated with a cell phone MP. More generally the applications can be loaded on any portable object capable of running a program written in a computer language. Advantageously the computer language can be an object oriented language, in particular an object oriented language using an application interpreter. But the computer language can also be a compiled language. The portable object can be, for example, a smart card, a cell phone, or a personal digital assistant PDA.
  • Advantageously the token TK received from the licensing remote server LRS is located in the application and/or in the specific file F. But the token TK can be located elsewhere in the portable object SC.
  • In another mode of realization, there can be a temporary licence token. The token can furthermore contain configuration elements to activate or deactivate part of the application. Billing can be done on the licensing remote server LRS. The licensing scheme can be based on the database DB1.
  • In the above modes of realization, asymmetrical keys are used to encrypt or decrypt the token TK, that is a private encrypting key and a public decrypting key have been used, but symmetrical keys can also be used.
  • Finally, with the present invention an application can easily be delivered in an open framework. In addition a digital signature can be associated with the application, so as to allow authentication.

Claims (4)

  1. A method of controlling the use of an application capable of being run on a portable object (SC), is characterized in that the method comprises the following steps:
    a requesting step (REQ), in which a licence request is sent to a licensing remote server (LRS) ;
    a sending step (SEN), in which the licensing remote server (LRS) sends a token (TK) to the portable object (SC) ;
    a validating step (VAL2), in which the token (TK) is checked so as to determine whether the token is valid or not; and
    if the token (TK) is not valid, in an application-aborting step (ABO2), the running of the application is aborted.
  2. The method according to claim 1, characterized in that the portable object (SC) is a SIM card SIC.
  3. The method according to claim 1, characterized in that the token (TK) is encrypted and in that the portable object (SC) decrypts the token (TK) before checking the validity of the token (TK).
  4. The method according to claim 1, is characterized in that the requesting step (REQ) is preceded by a verifying step to check if the application is present on the portable object (SC) ; and if not to cause the portable object (SC) to download the application from an application remote server (ARS).
EP02290449A 2002-02-22 2002-02-22 Protection against unauthorised execution of a program on an IC card Withdrawn EP1338938A1 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
EP02290449A EP1338938A1 (en) 2002-02-22 2002-02-22 Protection against unauthorised execution of a program on an IC card
JP2003570228A JP2006514788A (en) 2002-02-22 2003-02-21 Control of applications provided to mobiles
CNB038052741A CN100345077C (en) 2002-02-22 2003-02-21 Controlling an application provided on a portable object
EP03702922A EP1483640A2 (en) 2002-02-22 2003-02-21 Controlling an application provided on a portable object
US10/505,599 US20050091544A1 (en) 2002-02-22 2003-02-21 Controlling an application provided on a portable object
PCT/IB2003/000648 WO2003071401A2 (en) 2002-02-22 2003-02-21 Controlling an application provided on a portable object
AU2003206039A AU2003206039A1 (en) 2002-02-22 2003-02-21 Controlling an application provided on a portable object

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP02290449A EP1338938A1 (en) 2002-02-22 2002-02-22 Protection against unauthorised execution of a program on an IC card

Publications (1)

Publication Number Publication Date
EP1338938A1 true EP1338938A1 (en) 2003-08-27

Family

ID=27635903

Family Applications (2)

Application Number Title Priority Date Filing Date
EP02290449A Withdrawn EP1338938A1 (en) 2002-02-22 2002-02-22 Protection against unauthorised execution of a program on an IC card
EP03702922A Ceased EP1483640A2 (en) 2002-02-22 2003-02-21 Controlling an application provided on a portable object

Family Applications After (1)

Application Number Title Priority Date Filing Date
EP03702922A Ceased EP1483640A2 (en) 2002-02-22 2003-02-21 Controlling an application provided on a portable object

Country Status (6)

Country Link
US (1) US20050091544A1 (en)
EP (2) EP1338938A1 (en)
JP (1) JP2006514788A (en)
CN (1) CN100345077C (en)
AU (1) AU2003206039A1 (en)
WO (1) WO2003071401A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1557735A2 (en) * 2003-12-18 2005-07-27 NTT DoCoMo, Inc. Communication system, communication terminal device, and information storage module for restricting use of content
WO2006054980A1 (en) 2004-11-15 2006-05-26 Cingular Wireless Ii, Llc Programming and/or activating of a subscriber identity module (sim) for an analog telephone adapter (ata) device
US7287161B2 (en) 2002-12-27 2007-10-23 Nokia Corporation Method and system for testing a program, and a device
US8380180B2 (en) 2004-11-15 2013-02-19 At&T Mobility Ii Llc Remote programming/activation of SIM enabled ATA device

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007513402A (en) * 2003-11-06 2007-05-24 インテュウェーブ リミテッド Secure multi-entity access to resources on mobile phones
EP1536606A1 (en) 2003-11-27 2005-06-01 Nagracard S.A. Method for authenticating applications
US7191288B2 (en) * 2004-02-24 2007-03-13 Sun Microsystems, Inc. Method and apparatus for providing an application on a smart card
US7374099B2 (en) * 2004-02-24 2008-05-20 Sun Microsystems, Inc. Method and apparatus for processing an application identifier from a smart card
US7165727B2 (en) 2004-02-24 2007-01-23 Sun Microsystems, Inc. Method and apparatus for installing an application onto a smart card
US7140549B2 (en) * 2004-02-24 2006-11-28 Sun Microsystems, Inc. Method and apparatus for selecting a desired application on a smart card
US7232073B1 (en) 2004-12-21 2007-06-19 Sun Microsystems, Inc. Smart card with multiple applications
US20080222604A1 (en) * 2005-03-07 2008-09-11 Network Engines, Inc. Methods and apparatus for life-cycle management
US20090089871A1 (en) * 2005-03-07 2009-04-02 Network Engines, Inc. Methods and apparatus for digital data processor instantiation
EP1965330A3 (en) * 2007-02-28 2010-02-10 Ricoh Company, Ltd. Information processing system, information processor, image forming apparatus, and information processing method
CN101720085B (en) * 2009-11-18 2012-08-15 华为终端有限公司 Application method and device of intelligent card
US8453258B2 (en) * 2010-09-15 2013-05-28 Bank Of America Corporation Protecting an electronic document by embedding an executable script
US8868915B2 (en) * 2010-12-06 2014-10-21 Verizon Patent And Licensing Inc. Secure authentication for client application access to protected resources
US8763159B1 (en) * 2012-12-05 2014-06-24 Parallels IP Holdings GmbH System and method for application license management in virtual environments

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6223291B1 (en) * 1999-03-26 2001-04-24 Motorola, Inc. Secure wireless electronic-commerce system with digital product certificates and digital license certificates
US20020013772A1 (en) * 1999-03-27 2002-01-31 Microsoft Corporation Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out / checking in the digital license to / from the portable device or the like

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996007256A1 (en) * 1994-08-30 1996-03-07 Kokusai Denshin Denwa Co., Ltd. Certifying system
FI105637B (en) * 1997-07-02 2000-09-15 Sonera Oyj A method for managing applications stored on a subscriber identity module
US6226618B1 (en) * 1998-08-13 2001-05-01 International Business Machines Corporation Electronic content delivery system
US20030088516A1 (en) * 1999-12-21 2003-05-08 Eric B. Remer Software anti-piracy licensing
US7155415B2 (en) * 2000-04-07 2006-12-26 Movielink Llc Secure digital content licensing system and method
WO2001092993A2 (en) * 2000-06-02 2001-12-06 Vigilant Systems, Inc. System and method for licensing management
CN1202682C (en) * 2000-07-07 2005-05-18 黎明网络有限公司 Method for dynamic obtaining value-added manu of short message of mobile telephone set
US7010808B1 (en) * 2000-08-25 2006-03-07 Microsoft Corporation Binding digital content to a portable storage device or the like in a digital rights management (DRM) system
US6959320B2 (en) * 2000-11-06 2005-10-25 Endeavors Technology, Inc. Client-side performance optimization system for streamed applications
US6959436B2 (en) * 2000-12-15 2005-10-25 Innopath Software, Inc. Apparatus and methods for intelligently providing applications and data on a mobile device system
JP2002259606A (en) * 2001-02-28 2002-09-13 Internatl Business Mach Corp <Ibm> Updating method for program use permission period, use permitting method for program, information processing system, and program
EP1243998B1 (en) * 2001-03-21 2017-04-19 Excalibur IP, LLC A technique for license management and online software license enforcement
US7203966B2 (en) * 2001-06-27 2007-04-10 Microsoft Corporation Enforcement architecture and method for digital rights management system for roaming a license to a plurality of user devices
US7120429B2 (en) * 2001-08-13 2006-10-10 Qualcomm Inc. System and method for licensing applications on wireless devices over a wireless network
US6973305B2 (en) * 2003-09-10 2005-12-06 Qualcomm Inc Methods and apparatus for determining device integrity

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6223291B1 (en) * 1999-03-26 2001-04-24 Motorola, Inc. Secure wireless electronic-commerce system with digital product certificates and digital license certificates
US20020013772A1 (en) * 1999-03-27 2002-01-31 Microsoft Corporation Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out / checking in the digital license to / from the portable device or the like

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7287161B2 (en) 2002-12-27 2007-10-23 Nokia Corporation Method and system for testing a program, and a device
EP1557735A2 (en) * 2003-12-18 2005-07-27 NTT DoCoMo, Inc. Communication system, communication terminal device, and information storage module for restricting use of content
EP1557735A3 (en) * 2003-12-18 2006-06-21 NTT DoCoMo, Inc. Communication system, communication terminal device, and information storage module for restricting use of content
US7450929B2 (en) 2003-12-18 2008-11-11 Ntt Docomo, Inc. Communication system, communication terminal device, and information storage module
WO2006054980A1 (en) 2004-11-15 2006-05-26 Cingular Wireless Ii, Llc Programming and/or activating of a subscriber identity module (sim) for an analog telephone adapter (ata) device
US8380180B2 (en) 2004-11-15 2013-02-19 At&T Mobility Ii Llc Remote programming/activation of SIM enabled ATA device

Also Published As

Publication number Publication date
AU2003206039A8 (en) 2003-09-09
EP1483640A2 (en) 2004-12-08
CN100345077C (en) 2007-10-24
JP2006514788A (en) 2006-05-11
WO2003071401A3 (en) 2004-05-13
US20050091544A1 (en) 2005-04-28
CN1639667A (en) 2005-07-13
WO2003071401A2 (en) 2003-08-28
AU2003206039A1 (en) 2003-09-09

Similar Documents

Publication Publication Date Title
EP1338938A1 (en) Protection against unauthorised execution of a program on an IC card
CN101091156B (en) System and method for providing a multi-credential authentication protocol
CN100562902C (en) Be used for the method and system that safety management is stored in the data on the electronic tag
US7707225B2 (en) Information processing apparatus, information processing method, and program
KR100978053B1 (en) Method and apparatus for initializing a secure element in a wireless terminal
CN100534090C (en) Security element commanding method and mobile terminal
EP1804418A1 (en) A dynamic password authentication system and the method thereof
US20070186115A1 (en) Dynamic Password Authentication System and Method thereof
EP2420036B1 (en) Method and apparatus for electronic ticket processing
RU2411670C2 (en) Method to create and verify authenticity of electronic signature
US20050137889A1 (en) Remotely binding data to a user device
EP1645984A1 (en) Information processing apparatus, information processing method, and program
CN101189616A (en) Facilitating and authenticating transactions
KR100592411B1 (en) Method for managing and authenticating members by using barcode and system thereof
CN101482962A (en) Service data processing terminal and service data processing method
US20100024025A1 (en) Authentication system and authentication server device
US20040172369A1 (en) Method and arrangement in a database
US20140052992A1 (en) Response to Queries by Means of the Communication Terminal of a User
EP2234423B1 (en) Secure identification over communication network
KR101040577B1 (en) Method and System for issuing of Mobile Application
CN114493565A (en) Account association method and account association management system
JP2006140543A (en) Mobile communications system, authentication server, portable telephone, and security method and program
JP2004110431A (en) Personal identification system, server device, personal identification method, program and recording medium
Eisl Smart Card security services for an Open Application environment used in mobile phones
KR20020087656A (en) Method for certifying a right user using a wireless communication apparatus

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

AKX Designation fees paid
REG Reference to a national code

Ref country code: DE

Ref legal event code: 8566

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: AXALTO S.A.

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20040228